EP3991381B1 - Method and system for generating encryption keys for transaction or connection data - Google Patents

Description

Field of the invention.

The invention relates to a method and system for generating encryption keys for sensitive transaction data.

In particular, encryption keys are intended to secure sensitive transaction data which may be presented preferably in the form of secure 2D codes but not exclusively.

It concerns an application or use of the method and system for generating encryption keys for an exchange of sensitive data in particular between a service server and a mobile terminal application or between terminals.

The invention finds in particular an application or use in securing the exchange of sensitive data between servers of a bank (or financial organization) and applications of mobile communication terminals (under an operating system in particular Android, IOS, etc.). ..) notably via QR codes (Quick response codes, 2D codes, barcode). These exchanges can make it possible to carry out digital banking transactions (eBanking in English) including retail or wholesale sales or payments.

The invention can be used to generate encryption keys making it possible to secure any method or technique of secure connection (login in English) in particular by USB, Bluetooth, NFC or other communication technique... to servers, portal computer access, computer or any remote communication device, etc.

Prior art.

A QR code (or 2D code) is commonly used for various digital banking transactions (eBanking) such as registration (or enrollment), computer connection or access to a website, transfer, beneficiary management, account opening, card requests or all other operations requiring validation by a user.

In particular, the invention targets transactions permitted and controlled in particular using the “EZIO mobile” device from Gemalto SA.

Using a mobile application provided by their bank, a user can validate and complete a transaction by scanning or capturing a unique QR code generated for this purpose. This method is supposed to make the user experience easier.

This QR code often includes sensitive transaction data (for example authentication parameters for a connection or private account numbers and a currency amount for a money transfer transaction, etc.); This sensitive data could be used by attackers or fraudsters for all kinds of online attacks. This is why, in order to guarantee a certain level of security, QR codes are usually encrypted using standard cryptographic algorithms (3DES, AES, etc.).

• La clé de chiffrement doit être solidement partagée avec le client (application mobile) afin de pouvoir effectuer le déchiffrement.
• Comme les applications mobiles des banques sont généralement destinées à être publiées sur les boutiques en ligne (Apple, Google,...) afin que quiconque puisse les télécharger, la clé doit être diversifiée afin d'éviter de compromettre tous les utilisateurs si elle a été piratée.

This security measure involves two things:

• The encryption key must be securely shared with the client (mobile application) in order to perform decryption.
• As bank mobile applications are generally intended to be published on online stores (Apple, Google, etc.) so that anyone can download them, the key must be diversified in order to avoid compromising all users if it has been hacked.

The inventors found that the simplest solution would have been to put the key directly in the mobile software application and apply an obfuscation method in order to protect it, but since, the application would be easily accessible on the internet and it It would be possible to find the key quite easily by “reverse engineering” which is unacceptable in terms of risk for the banks.

Furthermore, in this solution, the key is unique and not diversified per user because it is directly contained in the software application code.

They also thought that the key could be shared via secure communication such as TLS during the lifespan of the software applications, but the level of security would have been insufficient, the user experience would have been disrupted by long waiting times; Additionally, it is necessary to make online transactions to exchange the key with the bank.

Furthermore, we know the authentication servers comprising HSM modules (hardware security module in English) whose standardized function is to carry out cryptographic calculations of the OTP type for authentication or validation purposes to make electronic connections. The invention may target HSM and/or authentication server structures and functions known to those skilled in the art, with more or less standardized or recommended commands. Their structure or functions may conform to those of HSMs or authentication servers from Thales such as “SafeNet Luna Network HSM” or “Thales Payshield 9000”.

These HSMs generally work as follows: Secret keys linked to the generation/verification of OTPs are exchanged securely with end user terminals then are stored in the authentication server database (HSM), generally under form encrypted by another secret generated and known only by the HSM. When verifying, for example an OTP, the authentication server asks the HSM to decrypt the corresponding key to perform the reverse calculation of verifying the OTP then returns the result to allow or not a connection.

The document WO 2019/026038 A1 relates to a method for authenticating a transaction. The method implements a request for authentication of a transaction including the details of the transaction. A unique key shared between a service provider and a mobile phone is set up beforehand. The transaction details are encrypted with the unique key and returned to the user in particular in the form of 3D code. The user decrypts the transaction data to confirm the transaction and an OTP is calculated based on the transaction data. This OTP is entered and returned by the user to validate the transaction by the service provider.

Technical problem.

More and more banks are relying on one-time “OTP” (One-Time-Password) number mechanisms to secure their transactions. digital (or electronic) banking (eBanking in English). OTP values are calculated by the mobile software application using a secret key shared and verified by the bank (in the background) through an authentication server.

This shared secret key is often securely exchanged during the user enrollment process and stored in a protected memory area dedicated to the software application. In this configuration, the shared secret key is only known to the mobile application and the authentication server hosted in the bank (in the background). And each shared secret key of an enrolled user is different from the keys of other users.

The inventors imagined that this secret key sharing could be used directly to encrypt QR code data, but since this is not the primary objective of an authentication server and it is not a characteristic either standard, this would expose significant additional modifications and costs on the mobile terminal side and on the server side to respond to the problem solved by the invention.

Given the context described above, the inventors propose to implement a more suitable solution by preferably using resources already available to facilitate the deployment of the solution.

Objective of the invention.

The invention aims in particular to resolve the aforementioned drawbacks.

The invention proposes a transaction method or system protected or secured by the implementation of encrypted dynamic keys to encrypt and decrypt transaction data and which can be set up or deployed very easily or very economically with a very good level. associated security.

Another objective of the invention is to provide a means for generating a dynamic transaction data encryption key in order to use it in the above transaction method and system.

The invention has another specific and preferred objective, a banking transaction method implementing a step of validation or control of the transaction data by the user via the use of QR codes encrypted with dynamic key containing all or part of this transaction data;

Another objective of the invention is to enable transactions, in particular for connections to services or hardware or software entities by different communication protocols: USB, Bluetooth, etc.

The invention aims to generalize the use of servers (authentication) to secure any exchange of data.

Summary of the invention .

The invention according to a preferred mode consists of diverting or using at least in part an initial or predefined function of an authentication server to secure electronic transactions in the broad sense. In particular, the invention makes it possible to use a “Get Dpuk” command or equivalent specific to the authentication server to obtain (on request), an OTP element or dynamic key element and use it to encrypt exchanges.

In particular, the invention arranges or configures, to good effect, a system or method of transaction or exchange of sensitive data, (preferably implementing transaction steps in particular banking, or payment), by reusing or hijacking standard or commonly used commands in an authentication server.

The invention may provide a library of commands or at least one command (or a set of commands) specific to or specific to authentication servers such as “get DPUK”, “generate or integrate a “Rate” challenge into a generation command. a dynamic “DPUK” key intended for the authentication server or an HSM similar to that of an authentication server; These commands make it possible to interact with this authentication server and obtain a standardized and/or certified dynamic key, in order to use it or combine it in said sensitive data transaction system or method referred to above.

The system may be configured to allow communication interaction and/or ad hoc interfaces and access to this authentication server. In particular, the invention can establish a secure connection or secure communication interface between a computer or internet server of any entity (in particular a bank) via any communication network and/or data storage and/or software via notably cloud computing.

The invention allows decentralized access to dynamic key generation resources via a computing cloud (cloud). Thus, the deployment of the invention can be facilitated thanks to a “cloud” (private or public) to allow encryption/decryption (or verification) keys to be collected easily and quickly.

The invention also provides in parallel for loading a software application arranged or configured to use the similar or identical function or command “GEt DPUK” and obtain the same dynamic key (as that generated by the authentication server) in a mobile terminal ( or in a security or trust device) adapted to provide assistance in validating the transaction or to secure a transaction.

For this purpose, both the authentication server (preferably with an HSM security module) and the device or terminal assisting in carrying out a transaction, can contain or share the same “Kshared” shared key or value. .

Thus, the invention may provide for the targeted transaction system to be adapted or configured to allow generation and use of a dynamic encrypted key to encrypt and decrypt sensitive transaction data for different purposes, such as control or validation of transactions, or a connection to a system, or access to an online or remote service, in particular from a bank or financial organizations or other entities.

To this end, the subject of the invention is a (communication) system comprising a computer or communication (in particular authentication) server comprising secret keys, each associated with an identifier (ID1) of person, computer entity or terminal;
The server is characterized in that it is configured to generate and communicate, on request with the identifier, and remotely, a dynamic key from a secret key, and a variable and/or a random , said dynamic key serving as a dynamic encryption/decryption key or base for obtaining a dynamic data encryption/decryption key.

The dynamic nature of the key may result from the use of a variable and/or a hazard which may be valid for a certain predetermined time or linked to an event.

• Ladite variable (ou ledit aléa) peut être connue du terminal ou de l'entité informatique effectuant la demande. Ladite variable (ou aléa) peut être connue soit parce qu'elle a été générée de manière identique en local, soit par ce qu'elle a été reçue (ou échangée) notamment du serveur d'authentification.
• Le serveur peut être un serveur d'authentification (selon le mode préféré pour faciliter le déploiement de l'invention).

According to other characteristics:

• Said variable (or said hazard) may be known to the terminal or the IT entity making the request. Said variable (or random event) can be known either because it was generated in an identical manner locally, or because it was received (or exchanged) in particular from the authentication server.
• The server may be an authentication server (in the preferred mode to facilitate deployment of the invention).

• authentifier chaque terminal ou utilisateur à l'aide du serveur d'authentification sur la base d'une clé partagée entre chaque terminal et ledit serveur d'authentification ; le système peut être caractérisé en ce que ledit système est configuré pour :
  • requérir auprès du serveur d'authentification ou du terminal, une génération de clé dynamique de chiffrement à partir de ladite clé partagée de terminal, et d'un aléa et/ou d'une variable,
  • et utiliser ladite clé dynamique pour chiffrer ou déchiffrer lesdites données échangées entre ledit terminal et ladite entité informatique.

The invention finds application in a data communication system between at least one terminal and a computer entity, said system comprising an authentication server above (according to the subject of claim 4), a service computer entity and customer communication terminals; The system can be preferably configured to:

• authenticate each terminal or user using the authentication server on the basis of a key shared between each terminal and said authentication server; the system can be characterized in that said system is configured to:
  • request from the authentication server or the terminal, a generation of a dynamic encryption key from said shared terminal key, and a hazard and/or a variable,
  • and use said dynamic key to encrypt or decrypt said data exchanged between said terminal and said computing entity.

• Chaque terminal peut être configuré avec une mémoire comportant une clé de chiffrement/déchiffrement partagée distincte de celle d'un autre terminal et partagée avec ledit serveur d'authentification.
• Ladite clé dynamique peut comprendre ou constituer un OTP, un HOTP ou un TOTP.

According to other characteristics of the system:

• Each terminal can be configured with a memory comprising a shared encryption/decryption key distinct from that of another terminal and shared with said authentication server.
• Said dynamic key may include or constitute an OTP, a HOTP or a TOTP.

• configurer ledit système pour authentifier chaque terminal ou utilisateur à l'aide du serveur d'authentification sur la base d'une clé partagée (Kshared) entre chaque terminal et ledit serveur d'authentification ;
• requérir auprès du serveur d'authentification ou du terminal, une génération de clé dynamique de chiffrement à partir de ladite clé partagée correspondant au terminal, et d'un aléa et/ou variable,
• utiliser ladite clé dynamique pour chiffrer ou déchiffrer un échange de données entre ledit terminal et ladite entité informatique.

The invention also relates to a method of data communication between at least one terminal and a computer entity, said method implementing a system comprising said authentication server (according to claim 4), a service computer entity and terminals; The process may include steps for:

• configure said system to authenticate each terminal or user using the authentication server on the basis of a shared key (Kshared) between each terminal and said authentication server;
• request from the authentication server or the terminal, a generation of a dynamic encryption key from said shared key corresponding to the terminal, and a hazard and/or variable,
• use said dynamic key to encrypt or decrypt a data exchange between said terminal and said computing entity.

• Ledit échange de données entre ledit terminal et ladite entité informatique est distinct d'un échange de données d'authentification comprenant un numéro à usage unique échangé entre ledit terminal et ledit serveur d'authentification ou ladite entité de communication ;
• Ladite clé de chiffrement dynamique peut être générée par ledit serveur d'authentification, en réponse à une commande spécifique (standard ou certifiée émise par ladite entité informatique de communication.

According to other characteristics of the process:

• Said data exchange between said terminal and said IT entity is distinct from an exchange of authentication data comprising a single-use number exchanged between said terminal and said authentication server or said communication entity;
• Said dynamic encryption key can be generated by said authentication server, in response to a specific command (standard or certified issued by said computer communication entity.

The invention has the following advantages.

As the dynamic key or a similar secret is always necessary, this solution could be easily implemented with any authentication server on the market and with any mobile terminal (smart phone, tablet, PDA, or other ...), having a software development kit (SDK) presenting standard OTP generation functions, two hardware or software resources that banks or other entities (legal user companies, or public or private organizations) already have.

The invention may require minimal software development on mobile terminals (or electronic trust or security devices such as EZIO EYE of the company Gemalto SA) and in support computers or servers in the background (back-end) of the bank or other private or public entities.

The key used to decrypt the QR code (2D code) may not be stored anywhere in the mobile application; on the contrary it is changed (dynamically) with each transaction to reinforce security.

The bank does not need to incur additional costs in hardware and/or software infrastructure to set up a complicated process for storing and managing these dynamic keys;
The decryption (verification) process may be offline; It can be performed even if the mobile software application is not connected to the network, which represents a very important advantage for the user.

The invention can be extended to any hardware device for generating OTP, whether or not distinct from an authentication server.

Brief description of the figures.

• There figure 1 illustrates a first part of the method and system for securing an electronic transaction between a transaction server and a client terminal;
• There figure 2 illustrates a second part of the method and system for securing an electronic transaction between a transaction server and a client terminal;
• There Figure 3 illustrates a method of using a dynamic key from a server (authentication or DPUK, OTP keys) for encryption/decryption purposes between a transaction server and a client terminal or between terminals;

Description.

To the figure 1 illustrates a first part of a method (and system 2) for a data communication method between at least one terminal and a computing entity. This process is intended to secure an exchange 10 of data sensitive (sensitive electronic transaction and/or connection data), between a transaction server 3 and a client terminal 1.

By transaction we mean an exchange of data between two logical or hardware entities. It can be for different purposes, in particular for connection to a service or logical or physical access, or financial transactions, payment, enrollment, recording, financial transfer, exchange of sensitive data, etc.

The method can advantageously implement or use an already existing system comprising an authentication server, a service IT entity (transaction server 3) and client terminals 1; This system can already be configured to authenticate each terminal or user using the authentication server on the basis of a key shared between each terminal and said authentication server.

Thus, the deployment of the invention is facilitated if the system already provides these functions and materials above.

• Selon une caractéristique du mode préféré de l'invention, le procédé comprend les étapes de configuration d'au moins un terminal client et d'un serveur d'authentification pour générer une clé dynamique d'authentification sur la base une clé partagée, d'un aléa et (éventuellement) un identifiant correspondant à chaque terminal;
• Le serveur requiert un identifiant du terminal ou de l'utilisateur ou d'une application pour retrouver la même clé ou secret partagé dans une base afin de retrouver la même clé dynamique.

Transaction 10 includes a step of encrypting sensitive data with an encryption key,

• According to a characteristic of the preferred mode of the invention, the method comprises the steps of configuring at least one client terminal and an authentication server to generate a dynamic authentication key on the basis of a shared key, a hazard and (optionally) an identifier corresponding to each terminal;
• The server requires an identifier of the terminal or of the user or of an application to find the same key or shared secret in a database in order to find the same dynamic key.

The issuing terminal does not necessarily need the identifier of itself or of an application it hosts or of the user to generate the same key. On the other hand, the terminal communicates an identifier to the key server to find the same shared secret.

Thus, the method can implement steps to request from the authentication server a generation of dynamic encryption key from the elements above.

As for the terminal, the method may require the same thing but may be without identifier because unlike the server, the terminal may only have one shared key while the server may include numerous shared keys corresponding to each terminal or user of the system. .

The server can find the corresponding shared key on the basis of a user identifier and/or terminal (e.g. IMEI of mobile phone)
In the example, the authentication server 5 can be linked to or include an HSM (Hardware Security Module in English) which stores encryption keys (kshared) in secure memory which can be associated with users or user terminals ( or communicating computing entities or remote computers) and shared with client applications 1 for authentication purposes; An authentication server generally includes all hardware and software means necessary for the security of the information it contains.

However, the authentication server 5 can be any equivalent remote computer equipped with rigorous, high-level secure communication and storage functions of encryption keys dedicated to authentication. Storage can be carried out in particular in SE security elements, associated USB keys, or other hardware media connected or soldered on a server printed circuit as long as the level of security is guaranteed.

The authentication server may preferably include network communication interfaces (internet, intranet) to be particularly accessible in the cloud (cloud in English) via any telecommunications network, Wifi, Bluetooth, NFC, mobile telecommunications. Preferably, mutual authentication or secure communication procedures can be implemented such as HTTPS.

The authentication server can be dedicated to the transactions to be carried out by the method or system. However, advantageously, it is not dedicated but is part of a separate pre-established authentication system.

In particular, the authentication system can be designed for completely other (distinct) purposes than those for which it is used in the invention. Rather, it is exclusively used to authorize connections following authentication of a user wishing to access a service or an online operation via a communication device of the user issuing a code preferably of the OTP type (one-time use number). It may not be intended or dedicated to any transaction service.

The authentication server can therefore be distinct from or foreign to a banking transaction service, electronic financial transactions, or e-Commerce preferably targeted by the field of application of the invention.

According to one characteristic, the transaction 10 is distinct from an authentication operation in particular using a one-time use number (OTP). Such an OTP makes it possible to perform a comparison with an OTP issued or generated in parallel in the authentication server for authentication.

The authentication system can exclusively make it possible in particular to provide a network service to validate information such as the name and password of a user, to grant a connection, to verify certificates for authentication of people, to verify passwords. one-time pass (OTP) generated remotely by a user's device, or to send an OTP to a user which the latter must send back to the authentication server through a channel parallel to that of reception in order to allow a connection to a remote server, or any access.

Furthermore, in the example, the software applications of client type 1 may include mobile applications hosted in mobile terminals, or client applications for personal computers, tablets, personal assistants, etc.

According to a characteristic of the preferred mode, the method provides for a request for a dynamic authentication key from the authentication server 5 and/or the user terminal 1;
Indeed, both the server and the terminal are able to initiate encryption of sensitive data and communicate to the other the encrypted result with in particular a hazard for dynamic encryption and an identifier to find the shared key.

According to another characteristic of the preferred mode, the method provides for use of the dynamic DPUK key for the encryption or decryption of sensitive data exchanged between said terminal and said IT entity.
In fact, this dynamic key will not be used here to authenticate, particularly via an OTP, but to encrypt all sensitive data to be exchanged.

The authentication server 5 includes memories (or a secure data storage base) for storing/memorizing encryption keys 6, DPUK or kshared. These keys 6, DPUK, kshared are shared/common with client-type software applications 16 dedicated for authentication purposes in a user's client terminals;
According to another characteristic of the preferred mode, the transaction system 2 of the invention is also configured to encrypt said sensitive data 7 with said dynamic encryption key (Dpuk).

In fact, according to the invention, the authentication server does not perform this encryption operation. It simply provides the “Dpuk” key, in a manner known per se thanks to a normal command provided per se in the state of the art exclusively for purposes distinct from an electronic transaction).

However, this “Dpuk” key is used thanks to the invention, for electronic transaction purposes (in particular banking) by a server 4, 3 of the transaction system 2.

In this case, the transaction server can be single, multiple or here double since it includes server 3 (or an online site on the Internet) of a service provider, for example a bank, or a financial organization.

The latter (website or computers) are associated or connected by any means of communication, to a back end server 4 (or central computers) of a service provider, for example here , a financial service provider of a bank or financial organization.

• Le système d'authentification comprend un serveur d'authentification / client et utilise des clés de chiffrement partagées ou diversifiées avec des applications clientes dédiées à des fins d'authentification ;
• Le système de transaction 2 est du type serveur / client et utilise les mêmes clés de chiffrement 6, DPUK, « Kshared » partagées avec (ou diversifiées) des clés d'applications clientes dédiées à des fins de transaction,

In operation, the authentication server 5 of an SA authentication system receives a dynamic key command 140 from a server transaction 4 of a transaction system 2; And in response, the authentication server 5 proceeds to generate a dynamic encryption key (Dpuk);

• The authentication system includes an authentication server/client and uses shared or diversified encryption keys with dedicated client applications for authentication purposes;
• The transaction system 2 is of the server/client type and uses the same encryption keys 6, DPUK, “Kshared” shared with (or diversified) client application keys dedicated for transaction purposes,

According to a characteristic of the preferred mode, the dynamic encryption key (DPUK) is generated by the authentication server 5 in response to a specific command or request 40 of standard or certified type, issued by the transaction server 3 or a server or computer 4 associated or connected to the transaction server 3 or website of a service provider.

• A l'étape 10 un utilisateur 1 se connecte à un site bancaire 3 de sa banque via un ordinateur fixe ou portable ou même une tablette (non illustré) et il initie une transaction de transfert de fond tel qu'un virement de son compte à un compte tiers externe ; Il remplit en ligne un formulaire de virement avec des données de transaction (TrsData), un identifiant d'utilisateur ID1 et poursuit la transaction en cliquant sur un bouton ;
• A l'étape 20, le site bancaire 3 émet une requête de QR code ou code 2D auprès des ordinateurs 4 de la banque (back office, back end) pour sécuriser et confirmer l'ensemble des données (TrsData) de la transaction (montant, compte débiteur, compte créditeur, bénéficiaire, date du virement...), ces données de transaction sont associés à l'identifiant utilisateur ou identifiant lié à un appareil ou terminal de l'utilisateur ou à un compte utilisateur ou une application logicielle de terminal mobile; L'identifiant est lié à la clé partagée (Kshared) entre le terminal et le serveur 5;
• Aux étapes 30 puis 40, les ordinateurs 4 de banque génèrent un aléa ou challenge (Chall) puis émettent une requête de clé dynamique DPUK véhiculant l'aléa (chall) et l'identifiant ID1; A cet effet, une connexion de préférence sécurisée est établie avec un serveur d'authentification 5. De préférence, la connexion s'effectue à travers le nuage informatique (C).

To the figure 1 , we will describe below the different interactions or steps of an example of the method and system for securing an electronic transaction between a transaction server and a client terminal.

• In step 10, a user 1 connects to a banking site 3 of his bank via a desktop or laptop computer or even a tablet (not shown) and initiates a funds transfer transaction such as a transfer from his account to an external third-party account; He completes a transfer form online with transaction data (TrsData), a user identifier ID1 and continues the transaction by clicking a button;
• In step 20, the banking site 3 issues a QR code or 2D code request to the bank's computers 4 (back office, back end) to secure and confirm all the data (TrsData) of the transaction (amount , debit account, credit account, beneficiary, date of transfer, etc.), these transaction data are associated with the user identifier or identifier linked to a device or terminal of the user or to a user account or a software application of mobile terminal; The identifier is linked to the shared key (Kshared) between the terminal and the server 5;
• In steps 30 then 40, the bank computers 4 generate a hazard or challenge (Chall) then issue a DPUK dynamic key request conveying the hazard (chall) and the identifier ID1; For this purpose, a connection preferably secure is established with an authentication server 5. Preferably, the connection is made through the computing cloud (C).

The hazard (and/or variable) is transmitted with an identifier ID1 (for example an identifier of the terminal such as IMEI or of an application hosted by the terminal or an identifier of the user) and/or other identifier linked to the shared key (Kshared) of the user terminal. Alternatively, this identifier ID1 can be part of the hazard which could include the identifier itself as a fixed part and a variable part completing the identifier to globally form the hazard (for example, a fixed radical forms the identifier and a variable hazard completes the identifier in suffix).

The authentication server 5 can be independent of the bank's transaction system but can remain accessible, on request, according to a preferably well-defined or secure procedure, to any external communication system, in particular a client-server type system. An HTTPS connection can be set up or another connection via VPN for example.

• A l'étape 50, en réponse à la requête de DPUK 40, le serveur d'authentification identifie la clé partagée correspondant au terminal de l'utilisateur sur la base d'un identifiant accompagnant l'aléa, génère une clé dynamique DPUK avec une clé partagée (Kshared) sur la base de l'aléa comme paramètre ; L'élément DPUK peut être calculé sur la base d'un OTP standard (HOTP dans l'invention - basé sur l'incrémentation de compteurs) retourné par le serveur d'authentification. D'autres versions d'OTP peuvent être envisagées comme : TOTP ou aléa/réponse (challenge/réponse) connues de l'homme de l'art.

For this purpose, the computers or server 4 of the bank can be configured (including the IP address of the authentication server, or other connection procedure) to establish a connection 40 and exchanges 60 with the server 5 according to a predefined connection procedure. in response to request 20 from banking site 3.

• In step 50, in response to the DPUK request 40, the authentication server identifies the shared key corresponding to the user's terminal on the basis of an identifier accompanying the hazard, generates a dynamic DPUK key with a shared key (Kshared) based on randomness as a parameter; The DPUK element can be calculated based on a standard OTP (HOTP in the invention - based on the increment of counters) returned by the authentication server. Other versions of OTP can be considered such as: TOTP or hazard/response (challenge/response) known to those skilled in the art.

The authentication server can be configured/parameterized to allow a connection with a list of servers or computers previously identified and authorized to require a dynamic key according to a pre-established, structured and secure process. The server therefore includes a list of identifiers and server or computer connection data (such as MAC addresses, IP address, domain name, associated password).

• A l'étape 60, la clé dynamique 6 (ou élément) DPUK est transmise en retour par le serveur 5 à l'entité requérante 4, ici la banque, via le canal de communication sécurisé via ici notamment le nuage informatique (C) ;
• A l'étape 70, l'entité 4 a reçu DPUK et en réponse calcule une clé de chiffrement (Kenc) sur la base de DPUK et d'une clé de formatage (Kpre) ; Cette clé (Kpre) permet de changer de format de données ou de nombre de bits (de 8 en 16 bits par exemple) et est connue à la fois par l'entité serveur et appareil de l'utilisateur (i.e. application mobile). Cette clé n'a pas forcément à être sécurisée. L'étape de formatage avec la clé de formatage n'est pas indispensable au principe de l'invention.
  Ici on effectue un calcul de chiffrement avec un algorithme de chiffrement symétrique de type AES mais d'autres algorithmes peuvent bien entendu être envisagés (DES, 3DES, ...)
• A l'étape 80 du procédé ou du programme dans l'entité matérielle et logicielle 4, il est prévu d'effectuer à la suite un chiffrement type AES (ou là encore DES ou 3DES) des données de la transaction (TrsData) à l'aide de la clé (Kenc) obtenue précédemment pour obtenir un chiffrement des données de la transaction (TrsDataEnc) avec une clé dynamique;
• A l'étape 90, les données de transaction chiffrées dynamiquement obtenues ci-dessus (TrsDataEnc) peuvent être de préférence (sans être une obligation) transformées en un format de code 2D (ou QR code) en y incluant aussi l'aléa (chall) dans la transformation pour obtenir QRCodeData = Chall + TrsDataEnc ; Alternativement, les valeurs ou données (TrsDataEnc) et l'aléa peuvent être transmis sous tout autre format connu de l'homme de l'art notamment digital, binaire, alphanumérique, signal analogique, image.
• A l'étape 100, l'entité 4 de la banque peut enfin renvoyer une information comprenant les données de la transaction chiffrées dynamiquement et sous forme optionnelle de QR code ou code 2D (QRCode Data). Cette information constitue la réponse à la requête initiale 20 du site internet de la banque 3 (ou autre fournisseur de service ou système informatique ou ordinateur nécessitant un élément dynamique DPUK aussi sécurisé qu'un OTP) et est destinée à sécuriser la demande de transaction 10 de l'utilisateur 1.
• A l'étape 110, le site internet 3 de la banque affiche sur une page web l'information de la transaction comprenant les données de la transaction notamment pour vérification ou contrôle par l'utilisateur (QRCode Data) ; Cette information peut être présentée sous forme de QR code (ou autre forme possible) .

A reciprocal authentication procedure between entities 5 and (3 or 4) can be followed to allow access to the authentication server 5, (for example: JWT (Json web token in English) or in the invention a JSESSIONID) .

• In step 60, the dynamic key 6 (or element) DPUK is transmitted back by the server 5 to the requesting entity 4, here the bank, via the secure communication channel via here in particular the computing cloud (C);
• In step 70, entity 4 has received DPUK and in response calculates an encryption key (Kenc) on the basis of DPUK and a formatting key (Kpre); This key (Kpre) allows you to change the data format or number of bits (from 8 to 16 bits for example) and is known by both the server entity and the user's device (ie mobile application). This key does not necessarily have to be secure. The formatting step with the formatting key is not essential to the principle of the invention.
  Here we carry out an encryption calculation with a symmetric encryption algorithm of the AES type but other algorithms can of course be considered (DES, 3DES, etc.)
• At step 80 of the method or program in the hardware and software entity 4, it is planned to subsequently perform AES type encryption (or again DES or 3DES) of the transaction data (TrsData) at the using the key (Kenc) obtained previously to obtain encryption of the transaction data (TrsDataEnc) with a dynamic key;
• In step 90, the dynamically encrypted transaction data obtained above (TrsDataEnc) can be preferably (without being obligatory) transformed into a 2D code format (or QR code) by also including the hazard (chall ) in the transformation to get QRCodeData = Chall + TrsDataEnc; Alternatively, the values or data (TrsDataEnc) and the hazard can be transmitted in any other format known to those skilled in the art, in particular digital, binary, alphanumeric, analog signal, image.
• In step 100, entity 4 of the bank can finally return information comprising the transaction data dynamically encrypted and in the optional form of QR code or 2D code (QRCode Data). This information constitutes the response to the initial request 20 from the website of the bank 3 (or other service provider or computer system or computer requiring a dynamic DPUK element as secure as an OTP) and is intended to secure the transaction request 10 of user 1.
• In step 110, the bank's website 3 displays the transaction information on a web page including the transaction data in particular for verification or control by the user (QRCode Data); This information can be presented in the form of a QR code (or other possible form).

• A l'étape 120, l'utilisateur effectue un scan ou photographie à l'aide de son smartphone (dans l'exemple) du code affiché sur son dispositif PC ou tablette avec lequel il s'était connecté au site internet de la banque pour effectuer la transaction.

To the figure 2 , the second part of the method and system for securing an electronic transaction is described below.

• In step 120, the user performs a scan or photograph using his smartphone (in the example) of the code displayed on his PC or tablet device with which he had connected to the bank's website to complete the transaction.

To do this, he may have a portable secure mobile device (or device), such as that proposed by the applicant "Gemalto CAP", or a smart mobile phone equipped with specific software "Gemalto Mobile protector". It may also have another device such as “Gemalto token” to decrypt the transaction data which could be displayed in alphanumeric form and entered by the user manually.

• A l'étape 130, le dispositif ci-dessus traiter la photographie ou scan du QR code affiché sur l'écran de son appareil de communication (ordinateur personnel) connecté à la banque pour le lire et extraire les données (formatées sous cette forme) comprenant les données de la transaction et l'aléa (TrsDataEnc + Chall) ;

Le dispositif 6 bis (exemple le téléphone portable) comporte également un kit de développement logiciel sécurisé (SDK) tel que « Gemalto mobile Protector » configuré pour générer un élément dynamique DPUK similaire à celui généré par le serveur d'authentification en réponse à une requête de l'application mobile 16. Le dispositif 6 bis (téléphone) comporte également la clé Kshared partagée avec le serveur d'authentification 5.In the example, the user uses a device 6a (mobile telephone) with a mobile (or software) application 16 (Gemalto mobile Protector);

• In step 130, the above device processes the photograph or scan of the QR code displayed on the screen of its communication device (personal computer) connected to the bank to read it and extract the data (formatted in this form). including the transaction data and the hazard (TrsDataEnc + Chall);

The device 6 bis (example the mobile phone) also includes a secure software development kit (SDK) such as “Gemalto mobile Protector” configured to generate a dynamic DPUK element similar to that generated by the authentication server in response to a request of the mobile application 16. The device 6 bis (telephone) also includes the Kshared key shared with the authentication server 5.

The unique Kshared secret key can be securely exchanged during user enrollment; It can be stored securely and protected on the mobile, for example using advanced encryption and obfuscation methods, and be accessible via a secure access management process and access right management mechanism. The processes of corresponding protection are certified. The key can be protected and stored in particular using an encryption method such as WBC “White-Box Cryptography” in English), homomorphic encryption.

The key may have been stored in the device in order to allow authentication of the user as part of an authentication procedure using an authentication server 5.

Such a procedure may include the steps of generating an OTP in the device 6 bis on the basis of a random event received from the server 5 and the stored Kshared key 6; then a step of transmitting to the server 5 the OTP calculated by the device 6 bis for authentication purposes after verification by the server of this calculated OTP. Conversely, an OTP can be generated in the device then sent to the authentication server with an identifier linked to the shared secret key. This OTP is compared to an OTP calculated in the server on the basis of the same shared key found with the identifier in the authentication server. A hazard may be counter information evolving in an identical manner in the 6 bis device and in the authentication server without there being any transmission of this hazard from one to the other.

• A l'étape 140, l'application mobile 16 effectue une requête de DPUK au kit de développement logiciel 7 ;
• A l'étape 150, le Kit 7 génère une clé dynamique DPUK de manière similaire à celle générée à l'étape 50 ci-dessus dans le serveur 5 avec l'aléa extrait ou identique à celui du serveur ayant servi à calculer DPUK;
• A l'étape 160, le DPUK est transmis à l'application 16 du dispositif 6 bis;
• A l'étape 170, l'application mobile 16 calcule la clé de chiffrement dynamique (Kenc) de manière identique à l'étape 70 ci-dessus ;
• A l'étape 180, l'application mobile 16 peut enfin déchiffrer les données de transactions chiffrées (TrsDataEnc) à l'aide de la clé de chiffrement / déchiffrement (Kenc) pour obtenir les données de la transaction en clair TrsData.

Alternatively, the hazard in the examples of the invention does not need to be transmitted in the exchanges. The identifier ID1 makes it possible to find an identical challenge or internal hazard in the server 5 and in the telephone 6 bis for example by sharing the same algorithm or method of calculation or determination to generate a hazard or variable.

• In step 140, the mobile application 16 makes a DPUK request to the software development kit 7;
• In step 150, Kit 7 generates a dynamic DPUK key in a manner similar to that generated in step 50 above in server 5 with the randomness extracted or identical to that of the server used to calculate DPUK;
• In step 160, the DPUK is transmitted to the application 16 of the device 6 bis;
• In step 170, the mobile application 16 calculates the dynamic encryption key (Kenc) in an identical manner to step 70 above;
• In step 180, the mobile application 16 can finally decrypt the encrypted transaction data (TrsDataEnc) using the encryption key / decryption (Kenc) to obtain the transaction data in clear TrsData.

The user can view the data of his TrsData transaction and control it. If they match those he had previously sent, then he can continue the transaction and finalize it.

Alternatively, the invention and in particular, the dynamic keys of an authentication server can be diverted to make a connection by any means of communication to a communication entity (server 3, 4, website of any service provider , company intranet site, etc.).

For example, a user opens a connection page of any communication entity or access portal. He enters his ID1 identifier and user password on an application on his mobile terminal, the application requests a dynamic DPUK key from the terminal SDK kit 6 bis on the basis of an internal hazard which it attaches to his request. The terminal SDK calculates and returns to the terminal application a dynamic DPUK key based on the hazard.

The terminal application encrypts sensitive connection data (user name, password, etc.), (optionally puts them in 2D code form) and transmits them to the site (or communication entity) to be connected, preferably accompanied by the hazard (or without hazard if the server can calculate such a hazard on its side) and an identifier of the terminal and/or other identifier linked to the shared key (Kshared). Alternatively, this identifier is part of the hazard as a fixed part and a variable part completes the identifier to form the hazard (for example, fixed radical and variable hazard as a suffix).

Upon receipt of the dynamically encrypted connection data and the hazard (optional), the communication entity (internet site / intranet or other computer to be connected), makes a DPUK request on the basis of the hazard (optional and the identifier ID1 via the computing cloud (C) to the authentication server 5. The authentication server 5 has a base of keys each shared with a user terminal.

The server 5 finds the corresponding secret key with an identifier ID1 of the user terminal (or user identifier) and the randomness received (or obtained internally in a synchronized manner or according to a method shared with the terminal) then in turn generates a DPUK having the same value as that generated by the mobile. Using this DPUK, the website 3, 4 (or any communication entity) decrypts the initial message to find the connection data which can now be used to authenticate the user and grant him the connection requested by the user.

In all the examples and all the figures, the transmission of a hazard or variable (ALEA) is a preferred mode but can be optional. The important thing is that the terminal 6 bis or computer entity 4 understands or uses the same variable or random event to obtain the same dynamic DPUK key.

The DPUK can be an OTP of type HOTP (Event-Based One-Time Password) or TOTP (Time-Based One-Time Password. In our preferred example, it is a HOTP.

OTP calculations of the HOTP and TOTP type are known per se.

The dynamic key within the meaning of the invention is dynamic because its value or its calculation can depend on a variable such as an elapsed time value (time stamp, clock value), a value of a counter (in particular with increment regular or not in particular depending on events), a value of a hazard that can change or be selected for each transaction depending on chance. It may depend on a combination of several variables which may or may not include a hazard.

The dynamic key also depends on a shared fixed value such as a key (kshared, a secret value, an encryption key).

Each of them can determine for their part by shared convention or according to the same algorithm or a shared rule, the same hazard (or the same variable). It may for example be a list of pre-established hazards pre-recorded (10 to 1000) in the authentication server and in each terminal (or computer entity 4) and selected according to an order agreed in advance. Occasional synchronization between the server and the entities or terminals may be necessary in the event of a problem or error.

Thus, the hazard or variable does not need to be generated or transmitted to steps 30, 40, 90, 130.

The randomness can be provided by the software application or determined by the SDK application for generation in step 150 ( fig. 2 ).

Likewise, the “Kshared” key is shared preferably but not necessarily in all use cases as below.

Beyond the description of an application of the invention to the encryption of transaction data, the inventors thought of the potential of an authentication server as such. They thought that the authentication server (5) could be used (independently of any client-server system, in particular banking) as an on-demand service server for any system or terminal wishing to obtain a DPUK for purposes in particular of encryption or decryption. This server can be hosted for example in an organization or entity, trusted institution or linked to a country government.

The server would include secret keys each associated with an identifier of a person, computer entity or terminal.

According to one characteristic, this authentication server would be configured to generate and communicate, on request 50) and remotely, a dynamic key (6, DPUK) from a secret key and a variable or random: the dynamic key serving as a dynamic encryption/decryption key or as a basis for obtaining a dynamic data encryption/decryption key (with or without a format change key for example).

According to one characteristic, the variable (or said hazard) may be known to the terminal or the IT entity. Thus, we can find the same DPUK and find information or data transmitted in clear text in each terminal or IT entity.

In an even simpler mode of operation, terminals or entities do not necessarily have the counterpart (similar functions) of the server to calculate a DPUK using an SDK application).

The invention (diverted authentication server) would work as follows: a 6 bis terminal wanting to encrypt data to be transferred to a 6 ter terminal (not illustrated but which may be identical or similar to the 6bis terminal), makes a DPUK request to the authentication server on the basis of an ID1 identifier of the terminal user or an ID1 identifier of the terminal. Server 5 finds in its HSM database a secret key (not shared) but associated with the identifier ID1; then generates a DPUK (variable dynamic value) with an ALEA or generates an OTP;
This DPUK or OTP is transmitted to the 6bis terminal to encrypt or serve as a basis for calculating an information or data encryption key. This data or information is encrypted with the encryption key and transmitted to the 6 ter terminal with an ID1 identifier of the terminal or user.

The terminal or entity 6ter receives the encrypted information and upon receipt requires an OTP or a DPUK identical to that obtained by the terminal 6bis from the authentication server 5 on the basis of the identifier ID1.

The server 5 transmits this DPUK or OTP to the terminal 6 ter which allows the latter to calculate an encryption/decryption key on the basis of this OTP or DPUK which will be used to decrypt the information received from the terminal 6 bis.

If necessary, a hazard can be transmitted to the server by terminal 6 bis to integrate it into the calculation of DPUK or OTP at server level 4.

If necessary, this hazard can be integrated by the terminal 6 bis into the calculation of the encryption key; it can be communicated to the terminal 6 ter at the same time as the identifier ID1 to allow the same encryption/decryption key used by the terminal 6 bis to be recalculated.

Thus, we see the potential of the authentication server used within the meaning of the invention, as a provider of a key service or OTP(s), on demand. This request may come from any computer processing or communication entity or terminal, for purposes of encryption or decryption of data or any information.

Thus, the server 5 of the invention can only be used to authenticate a terminal using an OTP and can also be used to provide OTPs or DPUKs to be used to encrypt or decrypt data.

Alternatively, server 5 may not be an authentication server already deployed in the field, which is given a second use completely distinct from that of authentication via OTP. He can contrary to being a dynamic key server deployed at least for the purposes of encryption or decryption of data or information (without necessarily being an authentication server).

• A l'étape 100, le procédé générique prévoit une configuration d'un serveur 5 (dédié ou pas à l'authentification) et/ou d'un terminal client 6 bis (avec SDK par exemple) pour générer une clé DPUK ou un OTP sur la base d'identifiant ID1 d'utilisateur ou de terminal ou d'une entité informatique 3 ou 4. Le cas échéant, la clé peut être calculée aussi avec un aléa ou une variable qui peut être occasionnellement synchronisée si nécessaire(ou pas) entre des entités (ou terminaux) et serveur 5 ;
• A l'étape 200, le procédé prévoit une requête de clé dynamique (ou OTP) d'un terminal client ou d'une entité informatique cliente auprès du serveur 5 uniquement ou du serveur 5 et du terminal 6 bis chacun de son côté ;
• A l'étape 300, le procédé peut comprendre une étape d'utilisation de la clé DPUK ou OTP directement comme clé de chiffrement dynamique (notamment si la longueur de l'OTP est suffisante) (ou comme base après transformation avec une autre clé ou autre paramètre pour obtenir la clé de chiffrement dynamique), pour chiffrer ou déchiffrer des informations ou données sensibles ;
• A l'étape 400, le procédé effectue un échange des données sensibles chiffrées l'aide d'une clé dynamique, entre un terminal 6 bis d'utilisateur et une unité de communication 3, 4 (ou inversement) ou entre le terminal 6 bis et un quelconque terminal 6 ter similaire à 6 bis.

To the Figure 3 , the invention provides another more generic mode of implementation of the system of figures 1 And 2 using at least part of the system possibly without SDK, without Aléa, without QR code, without Kpre.

• In step 100, the generic method provides for a configuration of a server 5 (dedicated or not to authentication) and/or a client terminal 6 bis (with SDK for example) to generate a DPUK key or an OTP on the basis of user or terminal identifier ID1 or a computer entity 3 or 4. If necessary, the key can also be calculated with a hazard or a variable which can occasionally be synchronized if necessary (or not) between entities (or terminals) and server 5;
• In step 200, the method provides a request for a dynamic key (or OTP) from a client terminal or a client IT entity to the server 5 only or to the server 5 and the terminal 6 bis each on its own;
• In step 300, the method may include a step of using the DPUK or OTP key directly as a dynamic encryption key (in particular if the length of the OTP is sufficient) (or as a base after transformation with another key or other parameter to obtain the dynamic encryption key), to encrypt or decrypt sensitive information or data;
• In step 400, the method carries out an exchange of sensitive data encrypted using a dynamic key, between a user terminal 6 bis and a communication unit 3, 4 (or vice versa) or between the terminal 6 bis and any 6 ter terminal similar to 6 bis.

Then, the terminal 6ter can request a DPUK key or an OTP from the server 5 on the basis of the identifier ID1 of the terminal 6 bis, to decrypt the data received from the terminal 6 bis directly or after calculation of the encryption key on the basis of DPUK or OTP.

Thus, the invention can envisage covering any computer or communication system having access to the key server for encryption or decryption according to a general aspect of the invention and which may require upon request DPUK (or OTP) keys. Access to the server can be done via the cloud (cloud computing). Preferably, the invention plans to reuse authentication servers already deployed in the field for an authentication function of terminals or other IT devices or entities in order to very quickly implement the encryption or decryption function at lower cost and very quickly.

For example, it is not necessary to enroll and re-provision each user device with keys shared between each device and each user.

It is clearly understood that the invention has the advantage of being able to be applied immediately in the event of reuse of an existing infrastructure comprising an authentication server.

Terminology:

• TrsData = Transaction data currently being exchanged with the client mobile application, for example for a money transfer;
• TrsDataEnc = encrypted transaction data;
• Chall = random challenge;
• Kshared = Shared secret key stored in a secure memory area; Exchanged during an enrollment process (the key described in context);
• HOTP = HMAC-based OTP (one-time use number);
• TOTP = Time-Based Unique Password Algorithm;
• DPUK = Dynamic PUK, calculated as TOTP(KEY, DATA) or HOTP(KEY, DATA); To generalize we use DPUK(KEY,DATA);
• Kpre (or Kpredefined) = Predefined key, a fixed random key offended in the mobile application and known by the back-end of the bank:
  Kenc = Dynamic encryption key

Claims (10)

1. A system (2) comprising a server (5) comprising secret keys each associated with an identifier (ID1) of a user, computing entity or terminal, or terminal application,
   characterized in that said server (5) is configured to generate and communicate, on request (40) with the identifier (ID1), and remotely, a dynamic key (6, DPUK) based on a secret key (Kshared), and on a variable or a random value, said dynamic key (6, DPUK) serving as a dynamic encryption/decryption key or as a base for obtaining a dynamic data encryption/decryption key.
2. The system according to the preceding claim, characterized in that said variable or said random number is known to the terminal or the computing entity.
3. The system according to the preceding claim, characterized in that said dynamic key comprises an OTP, an HOTP or a TOTP.
4. The system according to one of the preceding claims, characterized in that said server (5) is an authentication server.
5. A data communication system (2) between at least one terminal (1) and a computing entity (3,4), said system comprising an authentication server (5) according to claim 4, a service computing entity (4,5) and terminals (1), said system being configured to:

   - authenticating each terminal (1) or user using the authentication server (5) on the basis of a shared key (Kshared) between each terminal and said authentication server,

   - requesting from the authentication server (5) or from the terminal (1), a generating (50) of a dynamic encryption key (6, DPUK) based on said shared terminal key, and on a random figure or variable,

   - and using (80) said dynamic key (6, DPUK) to encrypt (80) or decrypt (180) said data exchanged between said terminal and said computing entity.
6. The communication system (2) according to the preceding claim, characterized in that each terminal (1) is configured with a memory comprising a shared encryption/decryption key (Kshared) distinct from that of another terminal and shared with said authentication server (5).
7. A method for data communication between at least one terminal (1) and a computing entity (3, 4), said method implementing a system comprising said authentication server (5) according to claim 4, a service computing entity (3,4), and terminals (1), said method comprising steps for:

   - configuring said system for authenticating each terminal (1) or user using the authentication server (5) on the basis of a shared key (Kshared) between each terminal and said authentication server,

   - requesting from the authentication server (5) or from the terminal (1), a generating (50) of a dynamic encryption key (6, DPUK) based on said shared key (Kshared) corresponding to the terminal, and on a random figure and/or variable,

   - using said dynamic key (6, DPUK) to encrypt or decrypt an exchange of data between said terminal (1) and said computing entity (4, 5).
8. The method according to the preceding claim, characterized in that said exchange of data is distinct from an exchange of authentication data comprising a one-time number (OTP) exchanged between said terminal and said authentication server or said communication entity.
9. The method according to the preceding claim, characterized in that said dynamic encryption key (6, DPUK) is generated by said authentication server (5), in response to a standard or certified specific command (40) emitted by said communication computing entity (3,4).
10. The method according to any one of claims 7 to 9, characterized in that said dynamic encryption key comprises an OTP or HOTP or TOTP.

Images